Updated: Mar 28, 2010 01:11 IST
A loathsome computer scam crippled my laptop, and I wanted revenge.
It began nearly three weeks ago. While I was browsing the Internet, a scary red alert popped up on my screen. Viruses and worms had been detected on my computer! I must “click here” for a full security scan!
It looked legitimate. The logo and page design reminded me of my own antivirus program. I clicked.
I had fallen for a rogue security program, or “scareware,” called “Antivirus 7.” Once entrenched, it sent a relentless stream of pop-up warnings that my computer was about to crash or my identity be stolen. The constant alerts made my computer unusable. They offered only one solution: Pull out my credit card and pay $51.95 for Antivirus 7.
The cyberswindlers didn’t get my money, but they cost me a heap of frustration. It took two weeks and four visits to The Washington Post’s IT department to get my computer back.
The Zen thing would have been to let go of my anger and move forward. But I was so peeved that I resolved to hunt down and confront the creeps who did this to me.
Not the easy road
Quixotic? You bet. Bad hackers can route viruses and other malicious programs through multiple sites from anywhere in the world. But I figured it might be possible to “follow the money,” because the lowlifes relied on credit card payments.
I began my quest by reading the official-looking “terms” for buying Antivirus 7. It said the agreement had been made “in accordance with Dutch law.”
The Dutch? But they always seem so nice and civilised. Surely they couldn’t be behind it. I called the embassy anyway.
Some e-mail traffic across the Atlantic showed it was a false trail. The Dutch government’s anti-cybercrime agency was aware of the program and said it was indeed scareware. Moreover, it was designed to look like a genuine, award-winning antivirus program, called Antivir 7, sold in 2006 by the Dutch firm Avira.
Next I went to the Federal Trade Commission (FTC). It’s supposed to protect consumers against computer fraud, among other things.
Ethan Arenson, coordinator of the FTC’s spam enforcement program, confirmed that tracking the money is the best way to catch such crooks. But they put up lots of roadblocks. They hire other companies to process the credit card payments. They work with shady foreign banks.
The FTC has had some success against them. Last month it obtained a $163 million federal court judgment in Baltimore against three men for distributing more than 1,000 varieties of bogus security software. “We spent about a year tracking them down. We sorted through the shell companies,” Arenson said.
That’s great, but what about Antivirus 7? Arenson suggested I file a complaint on the FTC’s Web site. It took 33 minutes. I felt virtuous.
But I despaired when I read the description of what the agency would do with the information. Although such input “can help us detect patterns of wrong-doing,” the site says, “The FTC does not resolve individual consumer complaints.”
I turned to the private sector. A site called Malwarebytes.org seemed promising. Its business is fighting rogue software, and it had put out a detailed consumer warning about Antivirus 7.
At my request, the company did some technical digging into the scareware’s origins. It found that the same servers used to distribute Antivirus 7 are also used for lots of other crooked software.
“These guys are definitely professionals. They have a huge block of sites that they’re using to spam people, to push out malware, to basically just be bad guys,” said Robert Hafner, network administrator for Malwarebytes.
Even better, Hafner said that contact information for the domains registered most recently to distribute Antivirus 7 came from ... China.
“While he claims to be in the U.S., it’s clear from his registrar, phone number and e-mail that he is actually somewhere in China,” Hafner said.
He gave me the phone number, for a landline in Guangxi province in southern China. My heartbeat sped up. Success was near. Hafner said even the Chinese phone number could be phony, but I didn’t care. This was as close as I could probably get.
I dialled. I don’t speak Chinese, but I thought a savvy international cybercrook was likely to speak some English.
No such luck. A woman answered the phone and responded at length, but only in Chinese, before hanging up.
It sounded as though I’d woken her up. It was after midnight in Guangxi.
I wasn’t deterred. Fortunately, a Post Web editor seven steps from my office speaks Chinese. I asked her to dial again.
“Do you sell software?” No answer. “Do you sell Antivirus 7?” Nothing. Then it got interesting.
“Can you hear me?”
“Yes, I can hear you.”
“I’m from the newspaper The Washington Post. Do you know it?”
“Some software you sell has harmed my PC. What do you say about that?”
She hung up. I hope a guilty conscience kept her awake all night.
In exclusive partnership with The Washington Post. For additional content please visit www.washingtonpost.com